I would like to ban a certain number of IP ranges from accessing the server at all. I don't want to use an external firewall to do that though.

I know that can be done via the Ban function of the Antihacking Protection, however, there is no interface to input the IP ranges directly. What is the correct syntax to input them manually in the "persist.data" file instead?

What I want is for those IP ranges to not be served anything at all - the server should simply drop those connections as soon as they're established.

The only thing I need to know is, where exactly I should insert the modified code in the contents of "persist.data". I could totally do this on my own if I had at least one attacking IP detected and blocked by my Abyss. The fact that I don't have any, effectively means that no entries are present in my "persist.data" file, and thus, I have no idea where to insert them manually.

My only question now is: how do I alter that so I can actually block an entire IP range, instead of just one IP address? If I try adding a range manually in the file, the value gets erased for some reason.

I don't get it. Why didn't you guys implement an interface option to manually add individual IPs/IP ranges in the Antihacking section? That would have been perfect, plus people that deal with webservers are more than capable of observing the behavior of malicious bots/scripts attacking the server, and determining whether or not they should be banned, instead of relying solely on the automated protection...

My only question now is: how do I alter that so I can actually block an entire IP range, instead of just one IP address? If I try adding a range manually in the file, the value gets erased for some reason.

You should do that while Abyss Web Server is not running.

Quote:

I don't get it. Why didn't you guys implement an interface option to manually add individual IPs/IP ranges in the Antihacking section? That would have been perfect, plus people that deal with webservers are more than capable of observing the behavior of malicious bots/scripts attacking the server, and determining whether or not they should be banned, instead of relying solely on the automated protection...

Software cannot be perfect from day 1. That's why we ask always customers and users to provide us with their feedback. If a feature is felt being missing, we add it in new versions. That's how Abyss Web Server evolved. :)_________________Support Team
Aprelium - http://www.aprelium.com

I'd actually LOVE to see an interface option in the Antihacking Protection section, offering to manually input IPs/ranges for use by the protection module. Main reason is - it handles the blacklisted connections differently than the graceful 403s of the Allowed/Denied section, dropping the connection immediately, and not wasting server resources on actually honoring the request by serving a "Forbidden" page. Also, a lot of attackers can easily be identified manually by a vigilant observer, and might be missed by an automated module - therefore we need the option to manually pinpoint ban targets for the protection.

Once the perpetrator sees the "Forbidden" page, they will actually know that they've been blacklisted. Security through obscurity is something I really like, and I do consider the Antihacking protection method of handling the connections a lot more effective in fending off those pesky attackers.

I mean - if you cannot even connect, what can you do? Plus, when the connection is simply dropped, the attacker will not have a clear idea as to why this is happening, and therefore will be less likely to implement proper counteracting measures to try and circumvent the ban.